Ever wonder what happens to your data if a company you’re doing business with has been hacked? Simply: it’s posted for sale on the Dark Web.
Let’s be clear about what we mean when we say ‘data’. We mean information, specifically, information about you. It will be anything the company that suffered breach held on you. So, it could be your name, address, email addresses, associated passwords, date of birth, bank details, credit card numbers, mobile and home phone numbers – in fact, a whole range of information that confirms your identity.
HOW DOES IT MATTER?
When you use a credit card online, the retailer checks information associated with that card, the information you filled out on the application form. If the details don’t match, the transaction is declined. If a hacker has your credit card information, address and associated email, phone number, etc., there’s a good chance the transaction will be approved and you’ll end up having to jump through hoops to get your money back.
That was a fairly benign example. With all your personal information, a hacker can literally steal your identity, take out loans and credit cards in your name, siphon money from your bank account – and your mortgage too if they’re linked. You begin to see why keeping your data safe matters and why you don’t want it on the Dark Web.
WHAT IS THE DARK WEB?
Like the ‘regular’ internet, the ‘Dark Web’ is a collection of websites. The difference is the Dark Web is an encrypted network. This ensures the sites it hosts can’t be found by the casual observer using standard search engines such as Google or Bing or using traditional browsers such as Chrome and Safari. Websites on the Dark Web are encrypted specifically so their location, owners and activity can remain hidden. Anyone can access websites on the Dark Web as long as they’re using the right tool. Many of these along with instructions on how to use them, can be found with the help of YouTube. Before however, you go in search, we strongly advise you to leave it alone. If you don’t know what you’re doing, you could upset a lot of unscrupulous people. For those with darker or criminal intent, the Dark Web is full of possibilities.
Perhaps the most well-known of the sites operating on the Dark Web was (possibly still is) Silk Road – a sort of Amazon for people looking to buy things that aren’t legal, such as drugs, weapons and other awful, disturbing products and services. The other key offering on the Dark Web is people’s data.
HOW MUCH IS YOUR DATA WORTH?
Dark Web Prices for Personal Data:
|Stolen online banking logins, minimum $100 on account
|Credit card details, account balance up to $1000
|Stolen PayPal account details, minimum $100
|Hacked Facebook account
|Hacked Instagram account
|Hacked Twitter account
|Hacked Gmail account
Source: Dark Web Price Index 2020 – October 2020
Let’s break that down. Were you affected by the LinkedIn breach where 164 million emails and passwords were compromised? That happened in 2012 but it wasn’t until FOUR YEARS LATER the data was offered for sale on the Dark Web. People will often use work email for LinkedIn so hackers have gained access to work email now too. Any sensitive data contained in your email conversations will be harvested and used against you and your clients!
Once your details have been posted on the Dark Web, they stay there. FOREVER. It’s not a question of one buyer attains the rights to your details and they get taken down from the Dark Web. Anyone who wants them can pay the fee and have a go at hacking you – multiple hackers all targeting you, trying to steal your money in various and increasingly creative ways. And they’re using details you used years ago. Which is why you should NEVER reuse a password.
Ever log in to a website using “Login With Facebook”? Or “Login with Google”? If these details have been compromised, a hacker can use them to access any other site you log into using your Facebook or Google credentials.
If hackers get your Gmail details, they can access all your correspondence, your calendar and all your contacts. Does it matter if they have your Twitter login? Imagine the damage they could do to your reputation! Also – do you use the same email and password for Twitter as you do for Facebook? Or your Amazon account? Do you see where we’re going with this?
OUR TOP 5 RECOMMENDATIONS FOR PROTECTING YOURSELF:
1) Check all your email domains on www.haveibeenpwned.com. If you’ve been pwned, change every password on every account associated with it (if you can remember them all!)
2) Choose your passwords wisely: use three unconnected words, such as ‘ComputerGlassBusiness’. These types of passwords are virtually impossible to crack. Use objects you can see from your desk – makes them easier to remember.
3) Use a password manager – then you only need to remember ONE password and the app does the rest for you.
4) Don’t use work email domains for personal accounts or on websites used for personal surfing – keep your work email domain for work only!
5) Regularly check your email domains to see if they’ve been compromised so you can react quickly if you need to!
Did you know, Security Everywhere offers a Password Manager and Dark Web monitoring? If you would like to see whether your domain has been compromised, get in touch. Our Dark Web monitoring service will notify you quickly should your information appear on the Dark Web. This gives you the best opportunity of preventing further loss of information or breaches that could cause you serious harm.
ABOUT Security Everywhere
Security Everywhere powered by Westtek is a proactive Technology Success Partner that specialises in delivering cybersecurity measures, strategic consulting and technical support services to help you stay secure whilst maximising productivity. We make sure your technology works for your business and not the other way around.